General
Target: b93c74fa36ed3d59360b1f242f2caa5a9abb6933e397d05a35e94dea32ff68b6
Size: 345KB
Sample: 221002-18pezadah8
MD5: 1f9ce13211e53fd308def558c7a593cf
SHA1: 8cadbb91b0452323c0f352b5cb4d8914267770a3
SHA256: b93c74fa36ed3d59360b1f242f2caa5a9abb6933e397d05a35e94dea32ff68b6
SHA512: 49f8743572b9eea5a55e7bab6f14b1e167cb8155108f5839e7c71f8c7d49a7265e9f0d7b54f70309db45a4f2eca3391dbe63883a119a2d640ebcad19b211681c
SSDEEP: 6144:3+WVyOeJwU4oJ9ZETtTMgxM+cJoh0zf4n/4+PBXO7lyTNAPGc:XIqUj9ZtwMhJooYNBeByTC
Static task: static1
Behavioral task: behavioral1
Sample: b93c74fa36ed3d59360b1f242f2caa5a9abb6933e397d05a35e94dea32ff68b6.exe
Resource: win7-20220901-en
Malware Config
Targets
Target: b93c74fa36ed3d59360b1f242f2caa5a9abb6933e397d05a35e94dea32ff68b6
Size: 345KB
MD5: 1f9ce13211e53fd308def558c7a593cf
SHA1: 8cadbb91b0452323c0f352b5cb4d8914267770a3
SHA256: b93c74fa36ed3d59360b1f242f2caa5a9abb6933e397d05a35e94dea32ff68b6
SHA512: 49f8743572b9eea5a55e7bab6f14b1e167cb8155108f5839e7c71f8c7d49a7265e9f0d7b54f70309db45a4f2eca3391dbe63883a119a2d640ebcad19b211681c
SSDEEP: 6144:3+WVyOeJwU4oJ9ZETtTMgxM+cJoh0zf4n/4+PBXO7lyTNAPGc:XIqUj9ZtwMhJooYNBeByTC
- Modifies security service
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- XMRig Miner payload
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Stops running service(s)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext